Hello Juan and Stefan,
I am writing on behalf of the OASIS Office TC. We have been discussing a proposal regarding digital
signatures in the upcoming ODF v1.2 and would appreciate any expert input from the
members of the DSS-X TC. If you could circulate the following it
would be appreciated.
The current proposal is here:
http://wiki.oasis-open.org/office/DSigProposal
The primary intent of the proposal is
to to add XadES signature support to ODF as well as provide explicit
support for signatures on xml fragments within a document.
Some of the discussion we have been
having around the proposal is archived here:
http://lists.oasis-open.org/archives/office/200808/msg00000.html
The following are open questions we
have been discussing:
compatibility between XMLDsig and
XAdES signatures. ODF currently has support for XMLDSig. Will an
XMLDsig conformant application be able to validate a XAdES signature
and vice versa (albeit with some loss of semantic interpretation)?
Should we recommend the usage of the <ds:..> prefix for XAdES
compatibility?
Given that XAdES is an extension
of XMLDSig, is it necessary to address the issue at all in ODF? By
supporting XMLDSig signatures can we argue that the format already
supports XAdES? The proposers would like to see explicit support –
at least a clear indication that XAdES signatures are valid in an
odf document - but not at the expense of raising significant compliance difficulties.
The proposal includes an attribute
<signature-type> which indicates the format of XAdES signature
used. There has been some discussion around the necessity, name and possible values of this
attribute. The purpose is merely to
provide a reader with a "hint" as to the signature format which follows. We note that in the advanced signature profile for DSS
there is a <SignatureForm> element which indicates the format
of signature requested. When
validating such signatures is it normal for validators to infer the
format implicitly and if so how is this typically done? If there is
value in maintaining the attribute we should probably change it to
be closer to the <SignatureForm> element in DSS and make use
of the same list of unique identifiers.
Digital signature requirements are
currently a moving target with improving algorithms and a range of
different national legislative requirements. We note that in DSS
you have adopted a basic core framework with "profiles"
describing concrete implementations. There has been some discussion
around the merits of adopting a similar approach with ODF. Any
comment or suggestion on this would be appreciated.
We have struggled a bit with
correct normative references to ETSI XAdES. Most of our initial work has been based
on the earlier W3C recommendations. I note that DSS makes reference
to "Advanced Electronic Signatures. ETSI TS 101
733. March 2006". I presume this is the proper, most recent,
normative reference. There have been some concerns expressed
around IPR's – presumably related to the ETSI patent policy which
is substantially more rights-inclined than that of W3C. Have there
been any concerns expressed within the DSS group we should be aware
of?
I would be very grateful for any thoughts on any or all of the above which I can report back to the Office TC.
Kind regards
Bob Jolliffe